MAL-2025-186027 Malicious code in cat-air-xi-slow-visualize (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5fefed3200aae9b03b2b7c8bfb5a00098ddc2ba15609c9a4286de08a7b8603e0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in sandbox-bash-authorize-hot-simulate (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 03dc660b6955606964bbd1a854d1ccdb491b52ee29cc056775e7f0a9e7c47d4e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in pino-avior-nightwatch-betelgeuse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e4d3ae1a586ca72cce709675ce0fa9bc7536fad5bcf6063f22852797657cdec This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in rollup-plugin-octans-fomalhaut-dependencies (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5af786cbe84ba8a4f35aa3f8afa89b09b9b2ad65ba56783efdc80335e5eb0fb5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in test-janus-eslint-config-materialize (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec79023492b97711616187adb7b16741d7d4baf291a1de140a8c20060aa9f434 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in try-import-fork-socket-beta (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5d6ff2c712f6685d9887aa3d5affbb9c1822f2fef5b030d92d8353d3af0d9510 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in root-root-iota-link-error (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c06ae8ea49373121c3d3a2f9115d40afa3584bd4670a4ad02ca8ba801d3c5a55 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in upsilon-decode-long-socket-final (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0962f6e8da2e588484b33fb5c75f660402e645c56187e064048d31ee6b4a4e7d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in upgrade-hexo-gulp-cosmogenic (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0fec89a7eb1a0e703849d699b2b85e2ad103da3e48674eb73284410a4a4e69b8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in old-stub-xml-deploy-wind (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10e8f422e088bab75c4abb1e298f807dcf0c370c443f55e40042e701ad51990e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in runtime-void-resolve-assert-public (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3bb443fcd51dd51af15baf36f2bd5ee8696d572a5a1b20707b057330e001a811 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in orogeny-fork-query-troposphere (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c492b47b53956d011ee186610884f977d3c12e41fc55e4512fa5e5ac20842815 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in mocha-neptunology-flare-galaxy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a6d37bf0614ce1300b08987292992ee91266002a191b2baf94fb221bc877a9b1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in boolean-reject-balance-sun-slow (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 436d2a7d547003a68729e3922ccf2d7012044960c4bae007727f0bb68cb43ce9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in fast-sudo-fire-chi-authenticate (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 473767456809b39e8ef62ee3a7bec7778b63f84616c733ac7fb4a6d0a155a791 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in testcafe-janus-sqlite-bulma (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7feb0b7445736f55bca854917d47ab99d715f6cae4ee3c643c4998ca93721c46 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in double-rain-protected-import-monitor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8581e04e65ec57750c45a77518bc0bde32027cce7cec3092673048972abc390a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in enum-parse-protected-kernel-refactor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c0dbeea8703cb39fdaebdb0eae171d5530df87e6fb81440888d36ce34490e657 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in iota-simulate-optimize-tree-bundle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 47c722544b9359bb4bc6cef7b4fdf6d41f42371b1b8e0c2111cd18050e5101c9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in iota-analyze-transpile-iota-abstract (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8251666c7b11f2df34aa4f023b3fc2fc7c85966a9f6a37223dfd3d1028ef753e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...